Security Experts:

Cyber Boogeyman: Is Your Company Being Stalked by a (Business) Killer?

I don’t remember much about my tenth year of life, but I do remember one movie in particular: Halloween.

I was riding in the car with my dad just around dusk when I heard the first radio ad for the film complete with that spine-tingling, creepy music. Even though it was still daylight, my ten year old brain ran wild with thoughts of danger lurking round every corner.

A few weeks later, after having snuck in to see the movie through the back door of the local theater with my next door neighbor, I was, from then on, rendered constantly alert and paranoid anytime I walked through the streets of my small hometown.

Still today, when I hear it, I’m instantly and momentarily transported to the end of October. It’s a dark and windy night and a stalker intent on harming me lurks just past the next streetlight.

It’s now getting close to Halloween in 2015 and today, with the darkest corners of the Internet becoming truly creepy places, individuals and their life’s blood personal information are very real targets for cyber stalkers intent on doing harm.

There’s a word for this kind of stalking and it’s called “doxing.”

Most people have not yet heard of it and fewer are aware of this fast-growing threat’s potential impact.

Perhaps even more troubling, almost no business is at present aware or alert to the dangers doxing poses to their brand and reputation, their networks, their partners, their customer data and much, much more.

It’s too bad cybercrime doesn’t come with theme music.

Doxing sounds complex, but it’s actually very simple. Originating from the word “documents” turned into a hacker-hip verb, it basically means to gather lots of important data about a person into a kind of dossier and dump it on the public Internet. Information such as a person’s phone number, physical and email address, favorite web sites, passwords, MAC and IP addresses for your mobile devices, the gym where they work out, favorite take out restaurants, their spouse’s employer and on and on and on.

Anything and everything that makes you “you” drawn from the footprints you leave at the intersection of your real and wired worlds.

Sometimes people get doxed for revenge. In other cases, it’s just classic identity theft and counterfeiting. Sometimes it’s hacktivists shaming someone for a cause. Sometimes it’s simply to harass; kinda like the old days when your high school nemesis would sign you up for 35 Columbia House record and tape club memberships. Now that’s scary.

Most disturbingly, in what is a fast-growing number of cases today, doxing is now being used for profit. Big profit.

With the liveliness of the dark web illicit markets, doxed information is a valuable cottage industry for those seeking bigger and badder cybercrime. In the market today, that bigger and badder cybercrime involves criminals using this technique to target companies directly and indirectly through their executives and employees, then parlaying that info into a big sale for those who want to further cyber exploit a business.

For example, doxers can target a company’s CEO in order to effectively impersonate him or her in a sophisticated phishing campaign aimed at, say, wire transfer fraud. Phishing is big business. The more real and believable the emails, the more likely a cybercrime organization is to succeed in its campaigns against a corporation. Valuable doxed info sold on the dark web black market is the raw material for a highly effective technique that usually circumvents all traditional “defense-in-depth” cyber defenses.

Speaking of email, a frequent target for doxers is proprietary information or intellectual property.

Imagine your CTO being stalked by doxers for months. They gather info from the open Internet on his/her social media accounts, e-Commerce site profiles, support forum posts, product and service reviews and much more.

Undetected, the doxers are then easily able to target your CTO at their personal email address with a single phony email that mimics, say, a LinkedIn login form.

Due to the low standards and high re-use of passwords by most people, the doxers are then able to quickly gain access to both personal and work emails. Before you know it, they’re monitoring communications going on between your CTO and your patent counsel; something that yields a very lucrative set of designs that’s quickly monetized on the dark web.

And these are but simple examples.

Doxing can support much more sophisticated and impactful threats, much bigger targeting campaigns. Worse yet, a single dox can yield a wide variety of valuable cybercrime threat vectors in a growing black market economy that pays top dollar for any actionable access into your organization. In fact, the market is so robust, some cyber criminals are even offering “doxing-as-a-service.”

The bottom line is that doxing can be used to destroy your company’s brand, hurt your customer loyalty, arm your competitors, gain access to your networks for data breach, perpetrate financial fraud, counterfeit your secret sauce, ruin your corporate credit and business ratings and a wide variety of other harms.

This year, and for the first time ever, I have personally seen several cases where doxing has been used to do all of the above - and it’s an activity that’s trending up.

In every case, management and security professionals alike are often caught completely off-guard by the role doxing plays in a growing number of their cybersecurity problems.

Much like the wind, with doxing you can’t really see it directly, only its effects as it occurs. But, just as with the wind, it can be detected. Simply put, it’s very hard to defend against, but there are ways a company can make their operations safer.

Taking proactive and diligent steps to continuously monitor your risk profile is the key.

Companies that gather and use comprehensive intelligence on everything from phishing campaigns that target their domains all the way to artifacts such as employee and executive emails showing up for sale on the dark web are in a better position to recognize and respond to doxing-driven cybercrime much quicker than those who don’t.

Don’t see the value in doing cyber intelligence? Well, the doxers sure do.  

view counter
Jason Polancich founder and Chief Architect at SurfWatch Labs. He is a serial entrepreneur focused on solving complex internet security and cyber-defense problems. Prior to founding SurfWatch Labs, Mr. Polancich co-founded Novii Design which was sold to Six3 Systems in 2010. In addition to completing numerous professional engineering and certification programs through the National Cryptologic School, Polancich is a graduate of the University of Alabama, with degrees in English, Political Science and Russian. He is a distinguished graduate of the Defense Language Institute (Arabic) and has completed foreign study programs through Boston University in St. Petersburg, Russia.